Cyc1E183

**Name of the Vulnerable Software and Affected Versions** XE versions prior to 1.11.6 **Description** The issue allows for unrestricted file upload via the modules/menu/menu.admin.controller.php module. When uploading the Mouse over button and the When selected button, there is no restriction on the file suffix, which leads to any file being uploaded to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities. **Recommendations** For versions prior to 1.11.6, update to version 1.11.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the modules/menu/menu.admin.controller.php module until a patch is available. Avoid using the file upload feature in the Mouse over button and the When selected button until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** XE versions prior to 1.11.2 XE version 1.116 **Description** The issue arises from the lack of restriction on file suffixes when uploading files using the Normal button, allowing any file type to be uploaded to the files directory. Since the .htaccess configuration only restricts PHP file types, uploading HTML files can lead to stored XSS vulnerabilities. If the .htaccess configuration is improper, it is possible to upload PHP files, potentially leading to remote code execution. **Recommendations** For XE versions prior to 1.11.2, consider updating the .htaccess configuration to properly restrict file types. For XE version 1.116, restrict access to the file upload feature until a proper fix is applied, and ensure the .htaccess configuration is correctly set up to prevent the upload of malicious files. As a temporary workaround, consider disabling the file upload feature via the Normal button until a patch is available.

Name of the Vulnerable Software and Affected Versions: GetSimpleCMS versions prior to 3.3.16 Description: The issue is related to a Remote Code Execution vulnerability. It affects the admin/upload.php file through phar files. Recommendations: For versions prior to 3.3.16, update to version 3.3.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin/upload.php file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: GetSimpleCMS version 3.3.16 Description: The issue concerns a Cross Site Scripting vulnerability. It can be exploited in the admin/upload.php file by adding comments or jpg and other file header information to the content of xla, pages, and gzip files. Recommendations: For GetSimpleCMS version 3.3.16, update to a newer version that contains a fix for this issue, as using outdated versions may pose a security risk. As a temporary workaround, consider restricting access to the admin/upload.php file to minimize the risk of exploitation. Avoid using the vulnerable file upload functionality in the admin/upload.php file until the issue is resolved.